aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcamera
diff options
context:
space:
mode:
authorLaurent Pinchart <laurent.pinchart@ideasonboard.com>2022-08-07 02:55:15 +0300
committerLaurent Pinchart <laurent.pinchart@ideasonboard.com>2022-08-09 16:05:58 +0300
commitbedef55d95006e13d51a12f4e8eb3ab9ee3aaa4e (patch)
treec1a7c8fc8cd93817a286cb604c9557b457aa481d /src/libcamera
parentea8ff99dca6a9cca80a211aceb8d8646f92a2ffb (diff)
libcamera: pub_key: Gracefully handle failures to load public key
If the public key fails to load, PubKey::isValid() function returns false. The only user of the PubKey class, the IPAManager class, doesn't check that condition, and still calls the PubKey::verify() function, which leads to a crash. Fix this by returning false from PubKey::verify() if the key isn't valid, and log a warning in the IPAManager constructor to report the issue. Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com> Tested-by: Eric Curtin <ecurtin@redhat.com> Reviewed-by: Eric Curtin <ecurtin@redhat.com> Reviewed-by: Kieran Bingham <kieran.bingham@ideasonboard.com>
Diffstat (limited to 'src/libcamera')
-rw-r--r--src/libcamera/ipa_manager.cpp3
-rw-r--r--src/libcamera/pub_key.cpp3
2 files changed, 6 insertions, 0 deletions
diff --git a/src/libcamera/ipa_manager.cpp b/src/libcamera/ipa_manager.cpp
index ec966045..2f96a207 100644
--- a/src/libcamera/ipa_manager.cpp
+++ b/src/libcamera/ipa_manager.cpp
@@ -109,6 +109,9 @@ IPAManager::IPAManager()
LOG(IPAManager, Fatal)
<< "Multiple IPAManager objects are not allowed";
+ if (!pubKey_.isValid())
+ LOG(IPAManager, Warning) << "Public key not valid";
+
unsigned int ipaCount = 0;
/* User-specified paths take precedence. */
diff --git a/src/libcamera/pub_key.cpp b/src/libcamera/pub_key.cpp
index 9bb08fda..b2045a10 100644
--- a/src/libcamera/pub_key.cpp
+++ b/src/libcamera/pub_key.cpp
@@ -76,6 +76,9 @@ PubKey::~PubKey()
bool PubKey::verify([[maybe_unused]] Span<const uint8_t> data,
[[maybe_unused]] Span<const uint8_t> sig) const
{
+ if (!valid_)
+ return false;
+
#if HAVE_GNUTLS
const gnutls_datum_t gnuTlsData{
const_cast<unsigned char *>(data.data()),

Privacy Policy